Josh-Hemphill

Members
  • Posts

    7
  • Joined

  • Last visited

  • Days Won

    4

Posts posted by Josh-Hemphill

  1. On 3/22/2021 at 9:26 PM, support said:

    We're not sure how this would work if we implemented it i.e. how would we know which authentication screen to direct them to?

    Perhaps a list box of the enabled methods in the user preferences with up/down buttons to change the priority, and a configure button next to any that have yet to be configured or some other indication the user needs to take further action to use any specific one.

    For handling user configuration of methods that require it, perhaps it might make sense to have some system in place to guide a user through 2FA setup on first login if none of their enabled 2FA methods have yet to be configured.

    Or maybe a more general prompt; I'd love to have a way to nudge our users to using TOTP instead of email; perhaps a prompt that (if they have one 2FA method active but have more available to them) tells them they have more 2FA methods available and gives them links to configure one of their choice and lets administrators provide some message about what's recommended, and if they have none configured then force them to select one and just highlight the system default. 

     

    On 3/22/2021 at 9:26 PM, support said:

    Did you know users can specify their own Authentication option on their Preferences screen? And on the screen Administration -> System Settings -> Authentication Options tab, there is the option "Hide the following Authentication Options on User's Preferences screen" which can also be used.

    That's part of the problem, because we can set a single 2FA method as default for everyone (e.g. email-based, since for us that can work immediately without any setup on the user's part) but if we showed them how to set up their preferred 2FA method, then they'll also be presented with options that we may have enabled for users with different needs and higher technical literacy, but could break their account if they were to just start poking around it themselves.

    So perhaps the solution there would just be to make the enabled 2FA methods more granular in what users they affect by making it available in the user account policies.

     
